Russian Hackers Collect 1.2 Billion Passwords In A Mega Breach

The New York Times has reported the largest known collection of stolen Internet credentials by a Russian crime ring. These hackers reportedly amassed 1.2 billion username and password combinations, and more than 500 million email addresses, from 420,000 websites through botnets (networks of computers that have been infected with, and are controlled through, a computer virus). The sites ranged from small sites to larger household names. Many of the targeted sites are still vulnerable.

2014: The Year Of The Mega, MEGA Breach?

In Symantec’s 2014 Internet Security Threat Report, researchers declared 2013 as “The Year of The Mega Breach”, and recent breaches this year indicate that the situation isn’t getting better. These numbers are surprising, not only because the collection was the largest yet discovered, but also because of the scope of the impact on Internet users. Roughly 39% (2.76B) of the world’s population of 7.1 billion uses the Internet. The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users. That’s a lot of data.

Given the magnitude of this latest discovery, it is clear that the need for companies to do more to protect your data has become more urgent than ever.

One of the weakest links in protecting your data is the user name and password that you use to identify yourself to websites. Often simply called credentials, in the wrong hands they can be used in fraudulent activity and identity theft, or sold for quick cash on the underground market. You can help keep your credentials safe and, by doing so, minimize the risk that your sensitive information will be compromised.

So, what can you do to keep your online credentials safe?

Change passwords on important sites: It’s a good idea to immediately change passwords for sites that hold a lot of personal information, financial details, and other private data. Cyber criminals who have your credentials could try to use them to access more information on these accounts. This is particularly true if you have used the same password on multiple sites. Attackers will often try to use stolen credentials on multiple sites.

Pay special attention to your email credentials. A lot of users fail to recognize that their email account can be a front door to their entire digital life. Think about how many times you may have reset your password on some other site by having a ‘recovery’ link sent to your email account. This is why you should carefully guard access to your email account.

Don’t re-use passwords: One of the main ways that hackers use credentials is to try to gain access to your other accounts. If you vary your passwords across multiple logins, they won’t be able to access other sites with the same information.

Create stronger passwords: Make sure that your password is a minimum of eight characters long, and that it doesn’t contain your real name, username, or any other personally identifying information. It should also contain a combination of uppercase and lowercase letters, numbers, and special characters. Have trouble thinking of a good one? Try our free Password Generator.

Use a password manager to store passwords: Norton Identity Safe is free and conveniently remembers your passwords so that you don’t have to. You can get it by clicking here.

Enable Two-Factor Authentication: Many websites now offer two-factor (or two-step) authentication, which adds an extra layer of security to your account by requiring you to enter your password, plus a code that you will receive on your mobile device (via text message or a token generator), to log in to the site. Of course, this adds complexity to the login process, but it significantly improves the security of your account. If nothing else, use this for your most important accounts.
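How a token generator and the website arrive at the same code, shown as an added example that is not part of the original post: it implements the standard time-based one-time password scheme (RFC 6238) and a server-side check that tolerates clock drift and refuses a replayed code. The secret and timestamp are the RFC's published test values, and the function names are illustrative assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample secret: the ASCII test key from RFC 6238 Appendix B.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HOTP over the number of `step`-second intervals."""
    return hotp(secret, unix_time // step, digits)


def verify_login(secret, submitted, unix_time, last_used_step=-1, window=1, step=30):
    """Server-side check of the second factor (hypothetical helper).

    Accepts codes from `window` steps either side of now (clock drift),
    compares in constant time, and skips any step at or before
    `last_used_step` so that an intercepted code cannot be replayed.
    Returns the matched step (store it as the new last_used_step) or None.
    """
    current = unix_time // step
    matched = None
    for candidate in range(current - window, current + window + 1):
        if candidate < 0 or candidate <= last_used_step:
            continue
        ok = hmac.compare_digest(hotp(secret, candidate).encode(), submitted.encode())
        if ok and matched is None:
            matched = candidate
    return matched


if __name__ == "__main__":
    now = 1111111109  # constructed timestamp (one of the RFC 6238 test times)
    code = totp(SAMPLE_SECRET, now)
    step_used = verify_login(SAMPLE_SECRET, code, now)
    print("code:", code, "accepted at step:", step_used)
    print("replay:", verify_login(SAMPLE_SECRET, code, now, last_used_step=step_used))
```

Because the code depends on a secret that never leaves the device and on the current time, a password taken from a breached site is not enough on its own to pass this check.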

As a final suggestion, keep an eye on your online accounts. If you see something suspicious, report it to the website. If you discover a fraudulent charge on one of your financial accounts, in most cases, the charge can be reversed, and your account can be frozen to prevent any further fraudulent activity. For more tips, see our recent post on how to monitor your credit card accounts.

Being vigilant can help stop fraud on your account and keep information and identity protected.

Comments

"The volume of online credentials collected (1.2B passwords) potentially accounts for over one-third of the world’s Internet users."

That assumes that each infected machine yields just one username/password combination. I do not know how many passwords most people have, but if we assume that the average number is between 10 and 50, a more accurate estimate would be that between 1% and 4% of all Internet users have been hit.